Showing posts with label ssh. Show all posts
Showing posts with label ssh. Show all posts

Saturday, June 9, 2018

How do I login over ssh without using password less RSA / DSApublic keys?

Linux system Admins  normally login to the linux  servers either supplying a password,
or using keybased authentication. sshpass is a tool which allows us to automatically
supply password to the command prompt so that automated scripts can be run as desired
by users. sshpass supplies password to ssh prompt using dedicated tty , fooling ssh to
believe that a interactive user is supplying password.

Install sshpass under Debian / Ubuntu Linux

Type the following command:
$ sudo apt-get install sshpass

Install sshpass under RHEL/CentOS Linux

$ sudo yum install sshpass

If you are using Fedora Linux, type:
$ sudo dnf install sshpass

Install sshpass under Arch Linux

$ sudo pacman -S sshpass

Install sshpass under OpenSUSE Linux

$ sudo zypper install sshpass

Install sshpass under FreeBSD Unix

To install the port, enter:
# cd /usr/ports/security/sshpass/ && make install clean
To add the package, run:
# pkg install sshpass

Getting Help :
# sshpass -h
Usage: sshpass [-f|-d|-p|-e] [-hV] command parameters
  • -f filename   Take password to use from file
  • -d number Use number as file descriptor for getting password
  • -p password   Provide password as argument (security unwise)
  • -e         Password is passed as env-var "SSHPASS" With no parameters – password will be taken from stdin
  • -h         Show help (this screen)
  • -V         Print version information
At most one of -f, -d, -p or -e should be used

How do I use sshpass in Linux or Unix?

Login to ssh server called with password called redhat@1234
$ sshpass -p 'redhat@1234' ssh

For shell script you may need to disable host key checking:
$ sshpass -p 'redhat@1234' ssh -o StrictHostKeyChecking=no


$sshpass -p 'redhat@1234' ssh  "uptime"

Sample output
01:04:35 up 126 days,  3:34, 2 users, load average: 0.50, 0.54, 0.55

Reading password from file

Another option is to read password from file using the -f option.
The syntax is:
sshpass -f fileNameHere ssh user@server

How to Disable Root SSH Login on Linux ?

One of the biggest security holes you could open on your server is to allow directly
logging in as root through ssh, because any cracker can attempt to brute force
your root password and potentially get access to your system if they can figure out your password.

It’s much better to have a separate account that you regularly use and simply
sudo to root when necessary. Before we begin, you should make sure that
you have a regular user account and that you can su or sudo to root from it.

To fix this problem, we’ll need to edit the sshd_config file, which is the main configuration
file for the sshd service. The location will sometimes be different, but it’s usually in /etc/ssh/.
Open the file up while logged on as root.

$ vi /etc/ssh/sshd_config

Find this section in the file, containing the line with “PermitRootLogin” in it.

#LoginGraceTime 5m
#PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6

Make the line look like this to disable logging in through ssh as root. Uncomment that line

PermitRootLogin no

Now you’ll need to restart the sshd service:

/etc/init.d/sshd restart

Now nobody can brute force your root login, at least.

Thursday, January 4, 2018

How to Find All Failed SSH login Attempts in Linux ?

Each attempt to login to SSH server is tracked and recorded into a log file by the rsyslog daemon in Linux. The most basic mechanism to list all failed SSH logins attempts in Linux is a combination of displaying and filtering the log files.
The most simple command to list all failed SSH logins is the one shown below.
#grep "Failed password" /var/log/auth.log
Sample output.
grep "Failed password" /var/log/auth.log
Sep 26 09:49:11 sshd[32138]: Failed password for ravi from port 33325 ssh2
Oct  2 23:04:25 sshd[25028]: Failed password for root from port 55800 ssh2
In order to display extra information about the failed SSH logins, issue the command as shown in the below example.
#egrep "Failed|Failure" /var/log/auth.log
In CentOS or RHEL, the failed SSH sessions are recorded in /var/log/secure file. Issue the above command against this log file to identify failed SSH logins.
#egrep "Failed|Failure" /var/log/secure
Sample output
Dec 29 16:11:01 localhost sshd[32526]: Failed password for root from port 31729 ssh2
Dec 29 16:11:04 localhost sshd[32526]: Failed password for root from port 31729 ssh2

Wednesday, March 9, 2016

How to configure Passwordless SSH login in Linux ?

SSH is often used to login from one machine to another machine, There are number of methods to achieve this but mostly in every method it requires authentication..... It also does requires authentication but for one time only i.e. for the first time you need to do a setup and for rest of the times when you will try to login via ssh it will not ask for any password.

For achieving this you just need to generate your own personal set of private/public key pair. ssh-keygen is used to generate that key pair for you.

A HOWTO for generating your own private/public key pair is given below:

Firstly generate your private/public key pair by following command:

[ Desktop]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/root/.ssh/id_rsa): [Press enter if you want to save your keys to default location]
Enter passphrase (empty for no passphrase): [Enter your passphrase]
Enter same passphrase again:  [Enter your passphrase again to verify]
Your identification has been saved in /home/root/.ssh/id_rsa.
Your public key has been saved in /home/root/.ssh/
The key fingerprint is:
The key's randomart image is:
+--[ RSA 2048]----+
|       . o.      |
|      . =  .     |
|       o...      |
|       . ..      |
|      ..S+      .|
|    . =.+ .    o.|
|   . + + o .  ..o|
|    o   o . . ...|
|         .   . .E|

Now just copy your public key to remote machine, in this case I have generated key pair for and copied server's public key to client's machine via following command.

[ .ssh]$ ssh-copy-id -i ~/.ssh/  client@
client@'s password:  [Enter the password for the first time]
Now try logging into the machine, with "ssh 'client@'", and check in:

cat  /home/client/ .ssh/authorized_keys

Now when you will try to login to client's machine it will not prompt for the password.

[ ~]$ ssh client@
Last login: Thu Dec  9 10:45:35 2015 from

Saturday, April 25, 2015

List Of Free Windows SSH Client Tools To Connect To Your Linux Server

You have Windows as operating system and you need to connect to Linux server to transfer files from Linux to Windows and inversely. So you need to have Secure Shell known as SSH. In fact, SSH is a network protocol which enables you to connect to Linux and Unix servers over the network. It uses public key cryptography to authenticate the remote computer. You can use SSH by several ways, either by using it automatically or by using a password authentication to log in.
This article provides a list of SSH clients let you to connect SSH to your Linux servers.
let’s start.


PuTTY is the most famous SSH and telnet client, developed originally by Simon Tatham for the Windows platform. PuTTY is open source software that is available with source code and is developed and supported by a group of volunteers.

Putty is very easy to install and to use.You don’t usually need to change most of the configuration options. To start the simplest kind of session, all you need to do is to enter a few basic parameters.

Bitvise SSH Client

Bitvise SSH Client is an SSH and SFTP client for Windows. It is developed and supported professionally by Bitvise. The SSH Client is robust, easy to install, easy to use. Bitvise SSH Client is a feature-rich graphical SSH/SFTP client for windows and allow you dynamic port forwarding through an integrated proxy with auto-reconnecting capability.

Bitvise SSH Client is free for personal use, as well as for individual commercial use inside organizations. You can download Bitvise SSH Client here.


MobaXterm is your ultimate toolbox for remote computing. In a single Windows application, it provides loads of functions that are tailored for programmers, webmasters, IT administrators and pretty much all users who need to handle their remote jobs in a more simple fashion.
MobaXterm provides all the important remote network tools (SSH, X11, RDP, VNC, FTP, MOSH, …) and Unix commands (bash, ls, cat, sed, grep, awk, rsync, …) to Windows desktop, in a single portable exe file which works out of the box. MobaXterm is free for personal use. You can download MobaXterm from here.

DameWare SSH

I think that DameWare SSH is the best free ssh client.

This free tool is a terminal emulator that lets you make multiple telnet and SSH connections from one easy-to-use console.
  • Manage multiple sessions from one console with a tabbed interface
  • Save favorite sessions within the Windows file system
  • Access multiple sets of saved credentials for easy log-in to different devices
  • Connect to computers and devices using telnet, SSH1, and SSH2 protocols
You can download DameWare SSH  from this link.
SmarTTY is a free multi-tabbed SSH client that supports copying files and directories with SCP on-the-fly.

Most SSH servers support up to 10 sub-sessions per connection. SmarTTY makes the best of it: no annoying multiple windows, no need to relogin, just open a new tab and go!


Cygwin is a large collection of GNU and Open Source tools which provide functionality similar to a Linux distribution on Windows.

Cygwin consists of a Unix system call emulation library, cygwin1.dll, together with a vast set of GNU and other free software applications organized into a large number of optional packages. Among these packages are high-quality compilers and other software development tools, an X11 server, a complete X11 development toolkit, GNU emacs, TeX and LaTeX, OpenSSH (client and server), and much more, including everything needed to compile and use PhysioToolkit software under MS-Windows.

Wednesday, November 19, 2014

ssh command examples

Login to remote host
ssh -l jsmith
Debug ssh client
ssh -v -l jsmith
Display ssh client version
$ ssh -V
OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003